Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Bastien Roucariès
Closes: 1084060
Changes:
 twitter-bootstrap3 (3.4.1+dfsg-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6485: A security vulnerability has been discovered in
     bootstrap that could enable Cross-Site Scripting (XSS) attacks.
     The vulnerability is associated with the data-loading-text attribute
     within the button plugin. This vulnerability can be exploited by
     injecting malicious JavaScript code into the attribute, which would
     then be executed when the button's loading state is triggered.
     (Closes: #1084060)
   * Fix CVE-2024-6484: A vulnerability has been identified in Bootstrap
     that exposes users to Cross-Site Scripting (XSS) attacks. The issue is
     present in the carousel component, where the data-slide and
     data-slide-to attributes can be exploited through the href attribute
     of an <a> tag due to inadequate sanitization. This vulnerability could
     potentially enable attackers to execute arbitrary JavaScript within
     the victim's browser.
     (Closes: #1084060)
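
An added example, not part of the upload notice or of the Debian patch: a template audit that flags the two attribute patterns named in the changelog, for reviewing markup that still runs against an unpatched bootstrap 3. The `<` heuristic, the scheme blocklist and all names in the code are assumptions, and the sample markup is constructed.

```python
from html.parser import HTMLParser

# Assumed blocklist: URL schemes that can run script when a link is followed.
SCRIPT_SCHEMES = {"javascript", "vbscript", "data"}


class BootstrapAttrAudit(HTMLParser):
    """Collect (line, cve, value) findings for the two attribute patterns."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # The parser has already decoded entities such as &lt; in the values.
        a = {name: (value or "") for name, value in attrs}
        line = self.getpos()[0]
        # CVE-2024-6485: heuristic, flag loading text that contains markup.
        text = a.get("data-loading-text", "")
        if "<" in text:
            self.findings.append((line, "CVE-2024-6485", text))
        # CVE-2024-6484: carousel control whose href uses a script scheme.
        if tag == "a" and ("data-slide" in a or "data-slide-to" in a):
            # Drop whitespace and control characters so padded schemes match.
            href = "".join(c for c in a.get("href", "") if c > " ")
            scheme = href.split(":", 1)[0].lower() if ":" in href else ""
            if scheme in SCRIPT_SCHEMES:
                self.findings.append((line, "CVE-2024-6484", href))


def audit(html):
    """Return the findings for one template, in document order."""
    parser = BootstrapAttrAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample template; the values are harmless placeholders.
SAMPLE = """<button data-loading-text="Saving...">Save</button>
<button data-loading-text="&lt;b&gt;Saving&lt;/b&gt;">Save</button>
<a href="#slides" data-slide="next">Next</a>
<a href=" JavaScript:void(0)" data-slide-to="1">2</a>
<a href="javascript:void(0)">unrelated link</a>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Entity-encoded markup in `data-loading-text` is reported too, because the attribute value is decoded before the check, as it would be in a browser.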